FredBainbridge

Enable Isolated User Mode in Windows 10

UPDATE
This is for any Windows 10 release prior to 1607 (Anniversary Edition). With 1607, this functionality is baked into Hyper-V.
You need to enable Isolated User Mode in Windows 10 if you want to, among other things, utilize the virtual TPM chip in generation 2 virtual machines. If you try to start a gen 2 virtual machine with the TPM chip enabled but without Isolated User Mode enabled, you get this error message:
[Image: VirtualTPMError]
First, own and activate your TPM chip and then run the following PowerShell commands:

# Run from an elevated PowerShell prompt
Enable-WindowsOptionalFeature -FeatureName IsolatedUserMode -Online
New-Item -Path HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard -Force
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard -Name EnableVirtualizationBasedSecurity -Value 1 -PropertyType DWord -Force

Did you reboot after doing this and expect it to work but it didn’t? Check out the event log and then activate your TPM chip!

[Image: TPMActivationNeeded]
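To see which prerequisite is missing without digging through the event log, the read-only check below reports the TPM state, the feature state, the registry value set by the commands above, and whether virtualization-based security is actually running. It is an added example, not part of the original post, and it assumes the Get-Tpm cmdlet and the Win32_DeviceGuard CIM class are available on the Windows 10 edition in use.

```powershell
# Added example: read-only checks for the prerequisites described above.
# Run from an elevated PowerShell prompt on the Hyper-V host.

$featureName = 'IsolatedUserMode'
$dgKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$results     = [ordered]@{}

# 1. The TPM must be present and ready (enabled, activated and owned).
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $results['TPM present'] = $tpm.TpmPresent
    $results['TPM ready']   = $tpm.TpmReady
} catch {
    $results['TPM present'] = "query failed: $($_.Exception.Message)"
    $results['TPM ready']   = $false
}

# 2. The optional feature must be in the Enabled state.
$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction SilentlyContinue
$results['Feature state'] = if ($feature) { $feature.State } else { 'feature not found on this build' }

# 3. The registry value created above must exist and equal 1.
$vbs = Get-ItemProperty -Path $dgKey -Name EnableVirtualizationBasedSecurity -ErrorAction SilentlyContinue
$results['Registry value'] = if ($vbs) { $vbs.EnableVirtualizationBasedSecurity } else { 'not set' }

# 4. After the reboot: is virtualization-based security actually running?
#    VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$results['VBS status'] = if ($dg) { $dg.VirtualizationBasedSecurityStatus } else { 'Win32_DeviceGuard class not available' }

$results.GetEnumerator() | Format-Table -Property Name, Value -AutoSize

# The failure mode called out in the post: settings applied, TPM never activated.
if ($results['TPM ready'] -ne $true) {
    Write-Warning 'TPM is not ready: take ownership of and activate the TPM, then reboot.'
}
```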